From ba094fcf39352f161c0787c4ad1ba7e66d317049 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=80=86=E4=B8=96=E7=95=8C?= <13035954+reverse-world@user.noreply.gitee.com>
Date: Thu, 7 Sep 2023 12:46:34 +0000
Subject: [PATCH 1/2] update openssl.spec.
---
 openssl.spec | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/openssl.spec b/openssl.spec
index 39dbe2c..80e28c6 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name: openssl
 Epoch: 1
 Version: 1.1.1f
-Release: 27
+Release: 28
 Summary: Cryptography and SSL/TLS Toolkit
 License: OpenSSL and SSLeay
 URL: https://www.openssl.org/
@@ -112,6 +112,7 @@ Patch101: backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-
 Patch102: backport-Update-further-expiring-certificates-that-affect-tes.patch
 Patch103: backport-CVE-2023-3817.patch
 Patch104: backport-CVE-2023-3817-testcase.patch
+Patch105: fix-FIPS-getenv-problem.patch
 BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel
@@ -296,6 +297,9 @@ make test || :
 %{_pkgdocdir}/html/
 %changelog
+* Thu Sep 7 2023 reverse-world - 1:1.1.1f-28
+- fix FIPS getenv compatibility problem
+
 * Thu Aug 3 2023 liningjie - 1:1.1.1f-27
 - fix CVE-2023-3817
-- Gitee
From bb63d086ef09517f365b5888d50ed5243d44bb7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=80=86=E4=B8=96=E7=95=8C?= <13035954+reverse-world@user.noreply.gitee.com>
Date: Thu, 7 Sep 2023 12:48:52 +0000
Subject: [PATCH 2/2] add fix-FIPS-getenv-problem.patch.
---
 fix-FIPS-getenv-problem.patch | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 fix-FIPS-getenv-problem.patch
diff --git a/fix-FIPS-getenv-problem.patch b/fix-FIPS-getenv-problem.patch
new file mode 100644
index 0000000..df05aef
--- /dev/null
+++ b/fix-FIPS-getenv-problem.patch
@@ -0,0 +1,30 @@
+diff --git a/crypto/o_init.c b/crypto/o_init.c
+index b1eef43..4fbb0e5 100644
+--- a/crypto/o_init.c
++++ b/crypto/o_init.c
+@@ -7,7 +7,7 @@
+ * https://www.openssl.org/source/license.html
+ */
+
+-/* for secure_getenv */
++/* for ossl_safe_getenv */
+ #define _GNU_SOURCE
+ #include "e_os.h"
+ #include
+@@ -21,6 +21,7 @@
+ # include
+ # include
+ # include "crypto/fips.h"
++# include "internal/cryptlib.h"
+
+ # define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+
+@@ -29,7 +30,7 @@ static void init_fips_mode(void)
+ char buf[2] = "0";
+ int fd;
+
+- if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
++ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+ buf[0] = '1';
+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
-- Gitee
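Review bot: The rewritten comment `/* for ossl_safe_getenv */` above `#define _GNU_SOURCE` is misleading, because `ossl_safe_getenv` is declared in `internal/cryptlib.h`, which the patch now includes, and calling it does not need `_GNU_SOURCE` in `o_init.c`. Either drop the define if nothing else in the file needs it (the rest of `o_init.c` is outside the hunk, so this needs checking), or reword the comment to name what still requires it. The patch file also starts directly at `diff --git` with no description, although it changes how the `OPENSSL_FORCE_FIPS_MODE` override is read. A short header should state which build or libc the "compatibility problem" concerns, and that the variable must stay ignored for setuid/setgid processes, which upstream's `ossl_safe_getenv` is expected to guarantee, so a later rebase can re-verify that property. `init_fips_mode`'s body continues past the end of the hunk.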